Data Security, Online Safety and Privacy, Identity Theft, PC & Mobile Security, etc.
Below is a list of articles, links, tips and useful information about data security for businesses, including small businesses. Please contact us if you would like to share a good tip or article with us. Thank you for choosing Data Security for Business.com for your data protection and online security.
Data Protection for Small Businesses: Getting it right
If you run a small business, you will agree that data protection is something you must take seriously if you are determined to keep the business safe. Data protection has helped a lot of businesses, especially start-ups and small ones, to go far. New technology has made it possible to receive and sign confidential documents such as contracts online, hence the need to handle and store them safely using data security for business platforms. In other words, data protection goes a long way toward making sure that confidential information remains just that: confidential.
Why do you need to protect your business data?
Several studies have pointed out that many businesses are losing millions of dollars to the cyber crimes that are reported almost every now and then. Big companies have, to some extent, managed to implement tight data security policies, leaving small businesses as the main target of cyber fraudsters who are always out to reap where they did not sow. Hackers easily take advantage of small businesses that have no stringent data protection in place.
Data protection involves quite a lot of things, but let us look at the most important ones, the ones your small business cannot afford to do without.
In most cases, small businesses have neither the manpower nor the budget to insulate themselves against the hackers who are all over the internet nowadays. According to various studies, the following are some of the security risks that small businesses face:
1. Casual approach to data security
A number of small businesses never take data security seriously until they fall prey to hackers. Only then do they wake up and realize that they need to protect their data. According to various studies, almost 82% of small businesses believe that they are not really a target of hackers. A further 32% of that number believe that they would not be affected much in terms of revenue even if they were hit by hackers. Malicious or criminal attacks are usually the main causes of data breaches. A breach can also be very expensive for any business that did not take data protection seriously from the word go. Mostly, such businesses do not invest adequately in protecting their data.
It is advisable to start by developing at least a simple data security plan that covers not only data protection but also your plan B should your business fall victim to hackers. Do not only patch your systems but also segment your business networks, mandate data encryption, use secure browsers, and always use email encryption to keep your data safe.
2. Lack of data backup systems
This is the worst thing that you can do as a business. Reports indicate that 62% of small businesses do not do routine data backups. A lack of proper infrastructure has been blamed for this, as well as a lack of interest or willingness to back up the data. If you are in business, let this sink in: data backup is a must.
Automate your data backup process. This is very possible thanks to the technology in use today. Don’t rely only on manual processes of backing up your data to physical media such as CDs. Use the readily available cloud services as well as other off-site servers to make sure that your data is safe in case of theft, fire or any other disaster. This provides the best data security for business platforms.
3. Lack of stronger data protection policies
Some small businesses don’t have strong data protection policies to keep them safe. On the contrary, data protection should be part and parcel of any business’s culture. Lack of such policies makes a business vulnerable to cyber attacks.
Formulate strong data protection policies. Go a step further and make sure that all employees in your business observe these policies, because some data security breaches are internal and involve employees. With strong policies against such cases, such employees will definitely keep off.
All that said and done, any small business must understand that we are living in an era where it cannot turn a blind eye to data protection if it wants to stay in business for the long term. Small businesses ought to understand that cyber crime is real and that they can fall victim if their data protection policies are shaky or if they don’t have any in place. It is prudent to direct a lot of effort, as a business, into making sure that your data is safe.
Links, Tips & Useful Information about Data Security and Online Security for Home and Business
Online Privacy & Security and Internet Privacy
Best Tools for Online Privacy for Home and Small Businesses.
THE IMPORTANCE OF BACKING UP DATA FOR ALL SMALL BUSINESSES.
How to Stay Safe and Protected against Ransomware.
Backing up has become more important than ever, thanks to ransomware.
Ransomware is the hottest new attack method in the malware world. It can be pulled off with alarming ease, as all a hacker has to do is buy a premade ransomware kit from malware creators on the dark web. Then he or she distributes the rotten code, usually by way of email attachments, but as we have explained earlier, ransomware can also get onto systems via holes, or vulnerabilities, in outdated software. When the ransomware code is executed by, say, clicking that infected link in an email, it begins to encrypt all the files on your computer or device. That’s when you’ll get a notice from the ransomware creators, letting you know that your files have been encrypted and that if you want to retrieve them you’ll need to pay them about 1-2 bitcoins or $400-800.
Now with all your files encrypted, you are left with a choice - do you pay up or stand your ground? Here at ZoneAlarm, we are all for standing your ground, but the sad truth is that it won't get your files back because once they have been encrypted, they can only be unencrypted with the correlating key - which the hackers have and aren't about to give to you.
If you have been diligent in backing up your files, data, pictures and whatever else you have that’s precious to you, then you can stand your ground and walk away.
Make multiple backups
Before we delve into the different backup methods out there, it’s important to note that you should have more than one backup of your files stored in different places to ensure that you are really covered.
Types of backup
Cloud-based backup - You are probably familiar with cloud storage like. The idea here is that your files are stored in the cloud and you can access them from anywhere that you can log into your account. Look for a cloud based backup that automatically backs up all your files and folders. Some important features to watch out for:
• Unlimited storage.
• Folder syncing and sharing.
• Continuous backup throughout the day automatically.
• Available for smartphone.
Local backup - Your other option is to back up to an external hard drive or a flash drive. This method is a bit less user-friendly as it cannot be done automatically and since flash drives are so small, they tend to get lost easily. But it’s not a bad idea to have a physical backup of your digital stuff.
When it comes to ransomware, follow this mantra: Backup, don’t pay up.
What are the Steps to Take if your Identity was Jeopardized.
Here are the best steps you need to take now:
1. Freeze your accounts
According to the Federal Trade Commission, your first step should be to call your bank and credit card providers to let them know about the fraud and make sure they freeze your accounts ASAP. This means that no one can use them unless it’s with your approval.
You can also place a fraud alert on your account – this is essentially a special marker on your account that lets creditors know to take extra precautions when authorizing purchases on this account. This is less severe than the above measure as charges can still go through – it just means that the creditor or lender has to do more thorough background checks before letting transactions through. You can put a 90 day alert on your account by contacting one of the three credit reporting agencies, Equifax, TransUnion, or Experian (who was just hacked in a big way so at least they can sympathize). You can contact any of them and they let the others know.
2. Report the fraud to the police
According to Rocket Lawyer.com, an online legal service that provides low cost legal guidance, one of your first steps should be to file a police report or an identity theft report. According to their ID fraud center “This report gives you certain legal rights when you provide it to either the company where the thief misused your information, or the three major credit reporting agencies”.
Then send copies of the report to your local and state police and all the businesses that were affected. Include in the report as many details as possible. Make sure to let the Social Security Administration know as well.
3. Change all your passwords
We like changing passwords about as much as we like cleaning mildew off our shower walls – we may hate doing it but it’s just one of those things that’s got to get done. And if your ID has been compromised, it’s more important than ever. It’s time to change your passwords and make sure that your new ones are truly secure. This includes passwords for your bank and credit card, and all the other sites for which you have logins. We covered the topic of how to create hack proof passwords extensively a few months back. Follow those instructions and make sure all your passwords are unique and change them often.
4. Enable two-factor authentication
While we are on the topic, now is a good time to consider upping your security game by enabling two factor authentication for all your logins. See our article about setting up 2FA on some of the most commonly logged-on to sites. Having 2FA enabled essentially adds another layer of protection between your accounts and bad guys. It’s not all that hard to set up and it can save you mounds of trouble in the end.
5. Update your antivirus program
There are lots of ways malware and viruses can infiltrate your computer and expose your information to ill-intentioned people. Keeping your antivirus and antimalware programs updated blocks those nasties from your computer, and in fact, there is a good chance that lack of proper online security measures had something to do with the ID fraud you experienced. From here on in, make sure your antivirus program is updated and is doing its thing. All the time.
6. Review your credit card and bank statements regularly
This part is key – get into the habit of reviewing your bank and credit card statements online on a regular basis. This way you’ll know if anyone does try to put anything through (and even if you put an alert on your card, things can still get past, and anyway, it’s only for 90 days). This is a habit you want to get up and running – forever.
After an ID fraud incident, the best policy is to stay aware and vigilant. And the real truth is that in today’s digitally-wound world, constant vigilance is probably the best policy for everyone, compromised or not (yet). So in that sense, you can consider yourself one step ahead of the game.
How to Protect your Smartphones and Mobile Life?
MOBILE THREATS HAVE GROWN ALMOST 300% IN THE LAST FIVE YEARS. MAKE SURE TO PROTECT YOUR MOBILE LIFE.
How often do you look at your smartphone each day? Do you check it 30 times a day? How about 40-55 times a day? Whether you check your mobile a (relative) few times a day or a lot, one thing is glaringly clear - we rely on those little things a lot. Actually, we rely on them a ton. A recent study by Informate Mobile Intelligence revealed that the average American spends 4.7 hours looking at or checking his or her phone. That's one fifth of your day spent looking at an inanimate, soul-less machine.
Let’s check in with reality. Sure, the figure sounds crazy, but when you think about all the things we use our mobile devices for, it starts to make a bit more sense. Our mobile devices really do make lots of the other little gadgets in our lives obsolete. Who needs alarm clocks, cameras or watches when you have a smartphone that does it all?
And just think about all the apps we have that save us tons of time. Apps make banking, finding information on the closest beach and even ordering a pizza to right where you have pitched your sun umbrella happen in seconds, as opposed to the minutes it took to accomplish the same task on the internet or using an old-school phone.
Who can remember a time when you had to go home to check an email?! Our mobiles are what keep us in the loop at all times. And surely this is a good thing, right?
It sure would seem that all this connectivity and ease-of-use is great. But from a security standpoint, mobile has the potential to be a disaster.
Our ever-present smartphones (at last check, 47% of Americans admit to taking them along while in the bathroom) are a 6X8 storehouse of virtually all of our information. These tiny devices hold more information than the most powerful laptops did back in 2013. They contain our financial information, including credit card information, DOBs and SSNs, emails (often including work-related emails), website login and password information, and much, much more. These little things know the ins and outs of our lives almost better than we do.
It’s all about our habits
There are lots of foolhardy habits that people do on a daily basis regarding their mobile devices that could end up costing them dearly in the end. These behaviors include:
• Using weak passwords
• Opening suspicious links in emails
• Accepting all “friend” requests
• Using unsecured public Wi-Fi networks to surf and shop
• Ignoring/delaying software updates
Then there are plenty of apps that employ sweeping permission policies, feeding lots of unnecessary information back to the app developers and third parties to be used to essentially spy on you and your mobile habits. All too common are rogue apps that pretend to be legit but really exist only to collect data and even plant malware on devices. Other apps, though not malicious in nature, contain unintentional critical vulnerabilities that put your mobile and your data at risk all the same.
Our utter reliance upon these little devices, coupled with our really bad practices and all the dangers apps can present make it no big surprise that the incidents of mobile threats have grown almost 300% in the last five years. And now that basically the whole world has been “mobilized”, things are only going to get worse. Thanks to services like Apple Pay and Samsung Pay and in no small part due to the Internet of things, mobile attacks are poised to increase in their technique and scope.
The Best Tips to Avoid Phishing Attempts for Small Businesses
• Check the sender’s email, not just the display name.
Hackers create a trustworthy display name and send from an email that looks similar to a legitimate brand. Be wary of small differences!
• Watch the spelling and grammar! Often these hackers don’t proofread.
Read carefully to ensure there aren’t spelling and syntactical errors. Brands have an image to maintain, but hackers don’t.
• Double check that the hyperlinked URL is the same as the official website.
Sometimes the link appears to be the official website, but be sure to hover over the link to see if that’s the real destination.
• Does it instruct you to take immediate action?
It might mention a limited time offer or the potential loss or suspension of an existing account. The sense of urgency and fear is a classic phishing tactic.
• Is there a signature with details how to contact them?
Legitimate businesses will always provide contact details near the bottom of any email they send you. If this is not included, be suspicious.
• Have you been asked to input personal and sensitive account information?
It will direct you to a separate page that requires either passwords, bank account information, or both. If you have not initiated a request to change your password or account information, it’s rare that legitimate banks and companies will ever request you to change your personal credentials.
• The best defense is a good offence.
Make sure you have effective security software that protects against phishing.
WHAT ARE THE CYBER SECURITY THREATS TO BE AWARE OF IN 2017
Ransomware has been a tremendous threat to users all over the globe and has only been getting more sophisticated and troublesome over time. Hackers can gain access to your computer, encrypt your files and demand a payment in return for your files back.
How to stay safe?
Be sure to back up your files with a high-quality back-up solution to protect your personal information. This is a great precaution to ensure that your files are safe and accessible to you for free no matter what happens. Exercise extreme caution when opening up email attachments and clicking on links sent to your email.
IoT and DDoS Hacks
The Internet of Things is meant to bring household devices together to communicate with us and each other. By default, these devices are open and available to the internet and are protected with default passwords. Hackers are increasing their attention to new ways of leveraging IoT devices for malicious purposes. These devices bring a vulnerability to the network they are connected to, making it easy for hackers to take advantage of them.
IoT devices are used in Distributed Denial of Service (DDoS) attacks to flood a targeted website with an overwhelming number of requests from millions of connected machines. Smart devices use open public ports so that they can be accessible away from home. Hackers build a large database of these open ports to form a botnet, a large number of exploitable ports they can infect with malware. These devices are then used to transmit small amounts of data to aid in a DDoS attack.
How to stay safe?
Change the default username and password through the appliance’s hub either on the smartphone app or through the manufacturer’s website. This step is necessary to secure your routers, printers, web cameras, DVRs, and all connected smart appliances.
FYI: If you aren’t sure if you’re at risk, it might be a good idea to reboot your machine, since malware in IoT devices is only located in the device’s temporary memory. I
Hackers look for various ways to break into a network, and usually they can accomplish this by exploiting unpatched software security holes. The goal of their hack is to commit identity theft by stealing your sensitive personal information and pretending to be you. Hackers break into networks and gain access to this information without resorting to phishing or ransomware attacks.
How to stay safe?
Ensure that your applications and operating software are regularly updated with the latest security patches. This will ensure you’re fully protected from a hack attack.
Emails disguised as banking or work emails prove the most effective at tricking people into thinking they are legitimate. These emails then link to a webpage that looks legitimate but is actually fraudulent and will request credit card and bank account information, as well as other sensitive personal details. These websites are created to spread malware and to gain access to your personal information.
How to stay safe?
Be very cautious when clicking on attachments or links from an email, always look at the URL spelling to ensure there aren’t any typos and be very wary about inputting personal and financial details online. It will be very helpful to have an effective antivirus solution that includes anti-phishing protection to ensure you’re safe from phishing attempts as a robust second line of defense.
Cyber criminals promote fake articles to catch your attention and sometimes link them to fake websites that are intended to look exactly like the real ones, by securing URLs that differ from their legitimate counterparts by a slight typo.
They do this in the hopes that you would input your credentials, believing that you’re providing this information to a site that you can trust. In some cases, these websites distribute malware while also being a phishing scam, hoping to steal your personal and financial information.
How to stay safe?
Double check when you enter a URL that there are not any typos in the web address. It is advisable to make bookmarks on your computer with the legitimate websites and this will help to ensure that you’re accessing the real website every time. Ensure to update your antivirus software.
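The phishing checklist earlier on this page (sender address versus display name, link text versus real destination, urgent wording) and the typo-URL advice above can be partly automated. The following is an added example, not code from the original page; the domain examplebank.com, the `TRUSTED` allow-list, the phrase list and the sample message are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"examplebank.com"}   # assumed allow-list of the brand's real domains
URGENCY = ("immediately", "suspended", "limited time")

# Constructed sample message (not a real phishing email).
SAMPLE = '''From: "Example Bank" <alerts@examp1ebank.com>
Content-Type: text/html

<p>Your account will be suspended. Confirm your password immediately.</p>
<a href="http://login-check.test/reset">https://www.examplebank.com/login</a>
'''

def site(host):  # naive registrable domain: last two labels, no public-suffix list
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def distance(a, b):
    # Levenshtein edit distance, to spot one-character lookalike domains.
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike(domain):
    # Trusted domain that this one imitates (1-2 edits away), or None.
    return next((g for g in TRUSTED if 0 < distance(domain, g) <= 2), None)

class Links(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_message(raw):
    # Returns findings for the checklist items that can be automated.
    msg, findings = message_from_string(raw), []
    # Use the address inside <...>, never the display name.
    sender = site(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    fake = lookalike(sender)
    if fake and sender not in TRUSTED:
        findings.append(f"sender {sender} imitates {fake}")
    body, parser = msg.get_payload(), Links()
    parser.feed(body)
    for href, text in parser.links:
        shown = urlsplit(text if "//" in text else "//" + text).hostname
        real = urlsplit(href).hostname or ""
        if shown and "." in shown and site(shown) != site(real):
            findings.append(f"link shows {site(shown)} but goes to {site(real)}")
    hits = [w for w in URGENCY if w in body.lower()]
    return findings + (["urgency wording: " + ", ".join(hits)] if hits else [])
```

A production filter would use a public-suffix list instead of the two-label shortcut in `site` and would also handle multipart messages.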